Wednesday, 25 October 2017

iptables tutorial for Beginner - iptables commands

Question: What is iptables?
iptables is a user-space utility that allows a system administrator to configure the packet-filtering tables provided by the Linux kernel firewall (netfilter).
Different kernel modules and front-end programs are used for different protocols. For example:
iptables applies to IPv4
ip6tables applies to IPv6
arptables applies to ARP
ebtables applies to Ethernet frames


Question: What privileges are required to manage iptables?
iptables requires root privileges; run it as root or through sudo.


Question: How to install iptables?
sudo apt-get install iptables



Question: Why do we use iptables?
We use iptables to allow or deny incoming and outgoing traffic.


Question: How does iptables work?
We define rules for every type of incoming and outgoing connection.
For example:
When someone tries to establish a connection, iptables walks its list of rules in order and applies the first rule that matches the packet.


Question: What is the policy chain default behavior?
If a connection attempt matches none of the existing rules, the chain's default policy (ACCEPT or DROP) decides what happens to it.


Question: How to check all the iptables Rules?
iptables -L -n -v


Output
Chain INPUT (policy ACCEPT 1129K packets, 415M bytes)
pkts bytes target prot opt in out source destination 
0 0 ACCEPT tcp -- lxcbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- lxcbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- lxcbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
0 0 ACCEPT udp -- lxcbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67


Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 
0 0 ACCEPT all -- * lxcbr0 0.0.0.0/0 0.0.0.0/0 
0 0 ACCEPT all -- lxcbr0 * 0.0.0.0/0 0.0.0.0/0


Chain OUTPUT (policy ACCEPT 354K packets, 185M bytes)
pkts bytes target prot opt in out source destination



Question: What are the different types of chains defined in iptables?
  1. INPUT: This chain controls the behavior for incoming connections destined for the local host.
  2. FORWARD: This chain controls connections that are not destined for the local host but are routed through it, as on a router.
  3. OUTPUT: This chain controls the behavior for outgoing connections.



Question: What are the different types of iptables responses (targets) for connections?
  1. ACCEPT: Allow the connection.
  2. DROP: Silently discard the connection. It is used when you don't want the source to realize your system exists.
  3. REJECT: Don't allow the connection and send back an error.



Question: How to block a connection from a specific IP address?
iptables -A INPUT -s 10.20.20.20 -j DROP
10.20.20.20 is the IP address to block.


Question: How to block connections from an IP address range?
iptables -A INPUT -s 10.10.10.0/24 -j DROP

10.10.10.0/24 is the IP address range (CIDR notation).


Question: How to un-block a connection from a specific IP address?
iptables -D INPUT -s 10.20.20.20 -j DROP

10.20.20.20 is the IP address; -D deletes the rule that -A added.


Question: How to block outgoing connections on a specific port?
iptables -A OUTPUT -p tcp --dport 8082 -j DROP

8082 is the port.


Question: How to block outgoing connections on multiple ports?
iptables -A OUTPUT -p tcp -m multiport --dports 8081,8082,8083 -j DROP

8081, 8082 and 8083 are the ports (the multiport match takes a comma-separated list).


Question: How to block incoming connections on a specific port?
iptables -A INPUT -p tcp --dport 8082 -j DROP

8082 is the port.


Question: How to limit the number of concurrent connections per IP address?
iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT

This rejects a new SSH connection (TCP port 22) when the source IP address already has more than 3 connections open.



Question: How to search for a string in iptables?
iptables -L $table -v -n | grep $string

$table and $string are placeholders for the table name (for example filter) and the text to search for.



Question: How to add a new chain in iptables?
iptables -N custom-filter

This creates a user-defined chain named custom-filter. Rules are appended to it with -A custom-filter, and packets are sent to it from a built-in chain with -j custom-filter.



Question: How to disable outgoing mail through iptables?
iptables -A OUTPUT -p tcp -m multiport --dports 25,465,587 -j REJECT



Question: How to get help on IPTables?
man iptables 
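Putting the commands from this tutorial together, here is an added example (not part of the original post) of a baseline host firewall script: a default-deny INPUT policy, a blocked host, an SSH connection limit and the outgoing-mail block. The admin network 10.10.10.0/24, the blocked host 10.20.20.20 and the limit of 3 SSH connections are assumed values; without --apply the script only prints the commands so they can be reviewed first.

```shell
#!/bin/sh
# Baseline host firewall assembled from the tutorial's commands.
# Dry run by default; "--apply" runs the commands (requires root).

ADMIN_NET="10.10.10.0/24"   # assumed: network allowed to reach SSH
BLOCKED_HOST="10.20.20.20"  # assumed: host blocked entirely
SSH_LIMIT=3                 # max concurrent SSH connections per source IP

# Emit one iptables command per line, in the order they must be applied.
baseline_rules() {
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened; must come before any DROP.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP"
    echo "iptables -A INPUT -s $BLOCKED_HOST -j DROP"
    echo "iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above $SSH_LIMIT -j REJECT"
    echo "iptables -A INPUT -p tcp -s $ADMIN_NET --dport 22 -j ACCEPT"
    echo "iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT"
    # Log what falls through (rate-limited so the log cannot be flooded).
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"iptables-dropped: \""
    # Default policies are set last so an existing SSH session is never cut off.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A OUTPUT -p tcp -m multiport --dports 25,465,587 -j REJECT"
}

# Number of rules appended to a given chain; a quick sanity check before applying.
count_rules_for_chain() {
    baseline_rules | grep -c -- "-A $1 "
}

# Run each command, stopping at the first failure.
apply_rules() {
    baseline_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd" || exit 1
    done
}

if [ "$1" = "--apply" ]; then
    apply_rules || exit 1
else
    baseline_rules
fi
```

These rules live only in kernel memory and are lost on reboot; use iptables-save (or your distribution's persistence package) to keep them.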


